CVE-2023-26288
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2023-26288 is a vulnerability affecting IBM Aspera Orchestrator 4.0.1. This issue allows an authenticated user to maintain their session after changing their password, enabling them to impersonate another user on the system. IBM X-Force has assigned it the ID 248477. The failure to invalidate sessions following password changes creates a significant security risk, as unauthorized access to other users' accounts can result in data breaches or system compromise. IBM urges users to upgrade to a patched version as soon as possible to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.